Exam MS-102 topic 1 question 307 discussion

ChatGPT o1: Answer: B. Generate a Cloud Discovery snapshot report Explanation: When you integrate Microsoft Defender for Cloud Apps (formerly MCAS) with Defender for Endpoint, you can use Cloud Discovery to see which cloud apps and services are being used on your network. A Cloud Discovery snapshot report pulls usage data over a specified period (for example, the last 30 days) to show which apps are used most and how frequently they’re accessed. A. Monthly security summary report – This is a high‐level Microsoft 365 Defender report and doesn’t provide details on specific app usage in the last 30 days. C. Threat analytics alert notification – This focuses on alerting and threat analytics rather than a list of frequently used cloud apps. D. Cloud Discovery executive report – An executive report provides broader, high‐level findings and risk assessments but is less targeted than a Cloud Discovery snapshot report for identifying the top apps and services.

Executive report: The Cloud discovery page provides a dashboard designed to >>give you more insight<< (=identify) into how cloud apps are being used in your organization. The dashboard provides an at-a-glance view of the types of apps being used, your open alerts, and the risk levels of apps in your organization. https://learn.microsoft.com/en-us/defender-cloud-apps/discovered-apps Snapshot reports: https://learn.microsoft.com/en-us/defender-cloud-apps/create-snapshot-cloud-discovery-reports To create a snapshot report: 1. Collect log files from your firewall and proxy, through which users in your organization access the Internet. Make sure to gather logs during times of peak traffic that are representative of all user activity in your organization. Can't be used for last 30 days, 30 days is not a "snapshot" Answer is D.

I thought it clould be Executive Report, so I asked AI to understand the differences between Snapshot Report and Executive Report: The summary is: The Cloud Discovery Executive Report provides a general and broad view, while the Cloud Discovery Snapshot Report provides focused information.

Disagree. I think B is the correct answer. Here is what is contained in the monthly Endpoint report: Microsoft Secure Score Secure score compared to other organizations Devices onboarded Protection against threats Web content monitoring and filtering Suspicious or malicious activities

To identify which cloud apps and services were used most during the last 30 days in Microsoft Defender for Cloud Apps, you should generate a Cloud Discovery snapshot report (Option B). This report provides ad-hoc visibility on a specific set of traffic logs that you manually upload from your network. It allows you to analyze your organization's cloud app usage against Microsoft's catalog of cloud apps, which can give insights into usage patterns and potential security risks​ https://learn.microsoft.com/en-us/defender-cloud-apps/create-snapshot-cloud-discovery-reports

Should be Snapshot report